More corporate shared folders in cloud filled with malware, research finds

In related studies: Ice is cold; fire still hot. Internet file sharing has long been a prime route for malware to spread. The situation is one of the reasons (aside from the exposure of proprietary data) that many companies restrict the use of cloud file sharing to corporate-approved systems. But it turns out that those enterprise cloud folders are just as bad. As more companies sanction the use of cloud applications for collaboration and sharing data—even just between individuals’ computers and mobile devices—those cloud apps have increasingly become fertile ground for malware.

In a study based on data collected from millions of users over the first three months of 2016, cloud security company Netskope found that 11 percent of enterprises have sanctioned cloud apps with malware. That total more than doubled, up from just 4.1 percent in the previous quarter’s data.The malware discovered included JavaScript exploits, droppers used to spread other malware, malicious embedded macros in document files, actual backdoor malware, spyware, and adware. Some mobile device malware was found as well.

All of the malware was found in file sharing applications, though only 26.2 percent of it appeared to be actually shared (whether internally to others in the affected company, externally with partners, or even publicly shared). That means the cloud folders were either infected because they were connected to a device exploited by malware, or the files were moved to the folders by the user.

JavaScript exploits and droppers made up 63.3 percent of the discovered malware in these cloud applications, suggesting that the malware targeted shared drives during exploits’ execution. Overall, 21.3 percent of the detected malware consisted of documents with malicious macros, and 4.3 percent was mobile malware. This suggests the corporate shared folders were accessed by vulnerable mobile devices.